Archive for the Security Category
Published January 25th, 2010
Today we found out that one of the client sites had their precious hacker-safe badge dropped because the Web server that they were running was offering SSL v2 support.
So we decided to investigate by running:
$ openssl s_client -ssl2 -connect www.clienthostname.com:443
We were able to connect! This confirmed that we had an SSL v2-enabled Apache, which is [...]
Published January 16th, 2010
We do not run a local log analysis program, since most customers rely on off-site Google Analytics. So we often find ourselves writing on-the-fly awk scripts to find the top-100 or top-1000 IP visitors when debugging site performance issues. Who hasn’t found their sites slow thanks to crawlers jamming the site?
So to [...]
Published December 4th, 2008
How to disable SSL v2 support in Apache and upgrade to SSL v3 for better SSL security.
Published November 28th, 2008
How to run Apache using different Linux user accounts for each virtual host
Published November 28th, 2008
How to make PCI DSS vulnerability scanners happy with your Apache Server
Published November 28th, 2008
How to stop Apache from letting visitors browse or download files with specific extensions.